Dear friends,

We have a new sales department at our office. The internet access for this department should have some restrictions. That's why I need to build a router for the LAN of this new department.

Firstly, this router has 2 NICs (Ethernet). One is connected to the hub of the new LAN (belonging to the new department, IP number 192.168.23.21/24) and the other NIC (IP number 192.168.23.20/24) is connected to a dedicated internet router (IP number 192.168.23.10/24). I will also put a firewall (shorewall) on this router after this routing server works properly.

Secondly, I want to start with the following policy: The computers with IP numbers 192.168.23.240-192.168.23.254/255.255.255.0 may only visit "bloomberg.com" (204.179.240.9). So any other destination from 192.168.23.240-192.168.23.254 will be dropped (rejected). But the rest (192.168.23.1-192.168.23.239/24) may visit any internet domain (no restriction).

How can I implement this with iptables? Please give me your advice...

Thank you very much in advance.
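
The policy described in the post, written out as an added example that is not part of the original message: a script that emits an `iptables-restore` ruleset for the FORWARD chain and a small helper that mirrors the rule order so the boundary addresses can be checked offline. The interface name `eth0` is an assumption, as is working forwarding between the two NICs; the addresses are those given in the post.

```shell
#!/bin/sh
# Added example (not from the original post).
# Addresses come from the post; the interface name is an assumption.

LAN_IF="${LAN_IF:-eth0}"                     # assumed NIC facing the sales LAN
RESTRICTED="192.168.23.240-192.168.23.254"   # hosts limited to one destination
ALLOWED_DST="204.179.240.9"                  # bloomberg.com address quoted in the post

# Emit the ruleset in iptables-restore format.
# Order matters: the ACCEPT for the single allowed destination must come
# before the catch-all REJECT for the restricted range. Every other source
# falls through to the chain policy (ACCEPT), i.e. "no restriction".
gen_rules() {
    cat <<EOF
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i $LAN_IF -m iprange --src-range $RESTRICTED -d $ALLOWED_DST -j ACCEPT
-A FORWARD -i $LAN_IF -m iprange --src-range $RESTRICTED -j REJECT
COMMIT
EOF
}

# Mirror of the rule order above for offline checks:
#   decide SRC DST  ->  prints ACCEPT or REJECT
decide() {
    src=$1
    dst=$2
    case $src in
        192.168.23.*) last=${src##*.} ;;     # last octet of a LAN address
        *) echo ACCEPT; return 0 ;;          # not in the restricted range
    esac
    if [ "$last" -ge 240 ] && [ "$last" -le 254 ]; then
        if [ "$dst" = "$ALLOWED_DST" ]; then echo ACCEPT; else echo REJECT; fi
    else
        echo ACCEPT
    fi
}

# Note: with this policy the restricted hosts cannot reach a DNS server
# either, so they can only use the destination by its IP address.

# Print the ruleset. To check the syntax without loading it (as root):
#   sh this_script.sh | iptables-restore --test
gen_rules
```

Replace `-j REJECT` with `-j DROP` if the restricted hosts should get no ICMP error back.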